From Wikipedia, the free encyclopedia
Jump to: navigation, search

kGraft is a live patching technology developed by SUSE for run-time patching of the Linux kernel. kGraft doesn't require stopping the kernel to install kernel patches.[1] This maximizes system uptime, and thus system availability, which is important for mission critical enterprise and big data systems, especially with the advent of cloud computing. By allowing dynamic patching of the kernel, the technology also encourages users to install security updates without deferring them to a scheduled downtime.

A kGraft patch is a kernel module, limited to replacing whole functions and constants in the kernel.[2] kGraft offers tools for creating the live patch modules.[3] SUSE hopes that kGraft will be merged into mainline Linux kernel, and intends to work together with the Linux community to make a common standard for live kernel patching.[2] However, it had not been mainlined as of Linux kernel version 3.15, and has not been queued up for merging into Linux kernel version 3.16.[4]


Before SUSE developed kGraft, Ksplice was the only well known method for live patching the Linux kernel.

On 31 January 2014, SUSE announced that they will release kGraft as an alternative to Ksplice.[3] kGraft was officially released on 27 March 2014.[1]

At the same time, Red Hat was developing their own implementation for kernel live patching, named kpatch. kpatch was officially announced on 26 February 2014 as having been under development internally for a few months.[5] SUSE and Red Hat each submitted their patches to the Linux kernel on 30 April and 1 May 2014 respectively.[6]

Advantages and Limitations[edit]

kGraft offers several advantages for Linux users:[2]

  • doesn't require stopping the kernel to install kernel patches
  • allows code review on kGraft patch sources
  • source code is small as it leverages existing Linux technologies

There are also some limitations that allows kGraft to apply small yet important fixes but not major kernel updates:[2]

  • designed to fix critical, simple bugs
  • major changes require special attention
  • depends on a stable build environment

See also[edit]


  1. ^ a b "SUSE Releases kGraft for Live Patching of Linux Kernel". SUSE. 27 March 2014. Retrieved 10 June 2014. 
  2. ^ a b c d Larabel, Michael (28 March 2014). "SUSE Will Mainline Their kGraft Life Kernel Patching". Phoronix. Retrieved 10 June 2014. 
  3. ^ a b Pavlík, Vojtěch (31 January 2014). "kGraft: Live Kernel Patching". SUSE Conversations. SUSE. Retrieved 10 June 2014. 
  4. ^ Larabel, Michael (6 June 2014). "Trying Out kGraft Live Kernel Patching On Ubuntu Linux". Phoronix. Retrieved 10 June 2014. 
  5. ^ Poimboeuf, Josh; Jennings, Seth (26 February 2014). "Introducing kpatch: Dynamic Kernel Patching". Blog (Red Hat). Retrieved 10 June 2014. 
  6. ^ Larabel, Michael (1 May 2014). "SUSE Posts kGraft, Red Hat Posts Kpatch Patches". Phoronix. Retrieved 10 June 2014. 

External links[edit]